PRISM
PRISM is a code name for a program under which the United States National Security Agency (NSA) collects internet communications from various U.S. internet companies.[1][2][3] The program is also known by the SIGAD US-984XN.[4][5] PRISM collects stored internet communications based on demands made to internet companies such as Google LLC and Apple under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms.[6] Among other things, the NSA can use these PRISM requests to target communications that were encrypted when they traveled across the internet backbone, to focus on stored data that telecommunication filtering systems discarded earlier,[7][8] and to get data that is easier to handle.[9]
For other uses, see Prism (disambiguation).
PRISM began in 2007 in the wake of the passage of the Protect America Act under the Bush Administration.[10][11] The program is operated under the supervision of the U.S. Foreign Intelligence Surveillance Court (FISA Court, or FISC) pursuant to the Foreign Intelligence Surveillance Act (FISA).[12] Its existence was leaked six years later by NSA contractor Edward Snowden, who warned that the extent of mass data collection was far greater than the public knew and included what he characterized as "dangerous" and "criminal" activities.[13] The disclosures were published by The Guardian and The Washington Post on June 6, 2013. Subsequent documents have demonstrated a financial arrangement between the NSA's Special Source Operations (SSO) division and PRISM partners in the millions of dollars.[14]
Documents indicate that PRISM is "the number one source of raw intelligence used for NSA analytic reports", and it accounts for 91% of the NSA's internet traffic acquired under FISA section 702 authority."[15][16] The leaked information came after the revelation that the FISA Court had been ordering a subsidiary of telecommunications company Verizon Communications to turn over logs tracking all of its customers' telephone calls to the NSA.[17][18]
U.S. government officials have disputed criticisms of PRISM in the Guardian and Washington Post articles and have defended the program, asserting that it cannot be used on domestic targets without a warrant. Additionally claiming the program has helped to prevent acts of terrorism, and that it receives independent oversight from the federal government's executive, judicial and legislative branches.[19][20] On June 19, 2013, U.S. President Barack Obama, during a visit to Germany, stated that the NSA's data gathering practices constitute "a circumscribed, narrow system directed at us being able to protect our people."[21]
Introduction slide
Slide showing that much of the world's communications flow through the U.S.
Details of information collected via PRISM
Slide listing companies and the date that PRISM collection began
Slide showing PRISM's tasking process
Slide showing the PRISM collection dataflow
Slide showing PRISM case numbers
Slide showing the REPRISMFISA Web app
Slide showing some PRISM targets.
Slide fragment mentioning "upstream collection", FAA702, EO 12333, and references yahoo.com explicitly in the text
FAA702 Operations, and map
FAA702 Operations, and map. The subheader reads "Collection only possible under FAA702 Authority". FAIRVIEW is in the center box.
FAA702 Operations, and map. The subheader reads "Collection only possible under FAA702 Authority". STORMBREW is in the center box.
Tasking, Points to Remember. Transcript of body: "Whenever your targets meet FAA criteria, you should consider asking to FAA. Emergency tasking processes exist for [imminent /immediate ] threat to life situations and targets can be placed on [illegible] within hours (surveillance and stored comms). Get to know your Product line FAA adjudicators and FAA leads."
![Tasking, Points to Remember. Transcript of body: "Whenever your targets meet FAA criteria, you should consider asking to FAA. Emergency tasking processes exist for [imminent /immediate ] threat to life situations and targets can be placed on [illegible] within hours (surveillance and stored comms). Get to know your Product line FAA adjudicators and FAA leads."](http://upload.wikimedia.org/wikipedia/commons/thumb/d/de/Prism-blurry-frag-1.png/150px-Prism-blurry-frag-1.png)
Legal aspects[edit]
Applicable law and practice[edit]
On June 8, 2013, the Director of National Intelligence issued a fact sheet stating that PRISM "is not an undisclosed collection or data mining program," but rather "an internal government computer system" used to facilitate the collection of foreign intelligence information "under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a)."[54] Section 702 provides that "the Attorney General and the Director of National Intelligence may authorize jointly, for a period of up to 1 year from the effective date of the authorization, the targeting of persons reasonably believed to be located outside the United States to acquire foreign intelligence information."[188] In order to authorize the targeting, the attorney general and Director of National Intelligence need to obtain an order from the Foreign Intelligence Surveillance Court (FISA Court) pursuant to Section 702 or certify that "intelligence important to the national security of the United States may be lost or not timely acquired and time does not permit the issuance of an order."[188] When requesting an order, the attorney general and Director of National Intelligence must certify to the FISA Court that "a significant purpose of the acquisition is to obtain foreign intelligence information."[188] They do not need to specify which facilities or property will be targeted.[188]
After receiving a FISA Court order or determining that there are emergency circumstances, the attorney general and Director of National Intelligence can direct an electronic communication service provider to give them access to information or facilities to carry out the targeting and keep the targeting secret.[188] The provider then has the option to: (1) comply with the directive; (2) reject it; or (3) challenge it with the FISA Court. If the provider complies with the directive, it is released from liability to its users for providing the information and is reimbursed for the cost of providing it,[188] while if the provider rejects the directive, the attorney general may request an order from the FISA Court to enforce it.[188] A provider that fails to comply with the FISA Court's order can be punished with contempt of court.[188]
Finally, a provider can petition the FISA Court to reject the directive.[188] In case the FISA Court denies the petition and orders the provider to comply with the directive, the provider risks contempt of court if it refuses to comply with the FISA Court's order.[188] The provider can appeal the FISA Court's denial to the Foreign Intelligence Surveillance Court of Review and then appeal the Court of Review's decision to the Supreme Court by a writ of certiorari for review under seal.[188]
The Senate Select Committee on Intelligence and the FISA Courts had been put in place to oversee intelligence operations in the period after the death of J. Edgar Hoover. Beverly Gage of Slate said, "When they were created, these new mechanisms were supposed to stop the kinds of abuses that men like Hoover had engineered. Instead, it now looks as if they have come to function as rubber stamps for the expansive ambitions of the intelligence community. J. Edgar Hoover no longer rules Washington, but it turns out we didn't need him anyway."[189]
Besides the information collection program started in 2007, there are two other programs sharing the name PRISM:[202]